[Samba] samba 4 ad member - idmap = ad for machine accounts

Kacper Wirski k.wirski at babkamedica.pl
Mon Sep 18 14:59:59 UTC 2017 

	It's centos 7, no local users except root, all system users have UID <100, 
and system is used ONLY for samba, as file server for windows machines, and 
never will never be used for anythin else, that's why I said it works for 
me.


	I read wiki thoroughly, so I know about RID drawbacks, that's why I wanted 
to get idmap - AD to work not just for "users" (which works perfectly btw), 
but for "machines" too in those few odd scenarios...


	I'll try to to setup share the way was described in previous mail and see 
where it gets me.


	Thank You for Your input/comments.


	 


	Dnia 2017-09-18 16:50 Rowland Penny via samba napisał(a):


	On Mon, 18 Sep 2017 16:24:23 +0200 "L.P.H. van Belle via samba" 
<samba at lists.samba.org> wrote:
	
		The op tells us :        idmap config *:backend = tdb        idmap config 
*:range = 100-2000        # idmap config for domain MYDOMAIN        idmap 
config MYDOMAIN:backend = ad        idmap config MYDOMAIN:schema_mode = 
rfc2307        idmap config MYDOMAIN:range = 4000-99999 I dont know the OS 
here, but what happens if uid 100 is a linux system users. Then it also maps 
into BUILTIN\username You might check need to check this out also.
	I have already told him these aren't recommended ranges, all I got was 
'they work for me' or words to that affect. I don't think I have seen what 
OS he is using. Rowland -- To unsubscribe from this list go to the following 
URL and read the instructions: https://lists.samba.org/mailman/options/samba

	 


	 


-- 
Z poważaniem, 
Kacper Wirski

tel: + 48 608 421 424

Babka Medica Sp. z o.o. Sp. k.
ul. Słomińskiego 19/517, 00-195 Warszawa
Sąd Rejonowy dla M.St. Warszawy w Warszawie XII Wydział Gospodarczy KRS
0000298042
NIP 525-234-00-28

www.babkamedica.pl

----------------------------------------------------------------------------


Informacja zawarta w niniejszej korespondencji jest poufna. Korespondencja
skierowana jest wyłącznie do osoby (firmy) wymienionej wyżej.
Rozpowszechnianie, kopiowanie, ujawnianie lub przekazywanie osobom trzecim w
jakiejkolwiek formie informacji zawartych w niniejszym dokumencie w całości
lub w części jest zakazane bez uprzedniej pisemnej (pod rygorem nieważności)
zgody Babka Medica Sp. z o.o. Sp. k.

	 


	 

More information about the samba mailing list